Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk SIP T.38 SDP解析远程栈溢出漏洞
Vulnerability Description
Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk的SIP/SDP处理器中存在多个远程栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 如果所发送SIP报文中的SDP数据包含有超长的T38参数的话,就可以触发这个溢出,导致执行任意代码。这个漏洞是由chan_sip.c文件中的process_sdp函数调用sscanf所导致的: else if ((sscanf(a, "T38FaxRateManagement:%s", s)
CVSS Information
N/A
Vulnerability Type
N/A